Synack, the leading security testing platform, has announced the launch of its Continuous Attack Surface Discovery offering and scalable AI penetration testing. This move aims to assist overburdened security teams in staying ahead of the curve in the face of evolving threats.
Recent studies show that only 9% of organizations monitor their entire attack surface, and the emergence of AI-enabled cyber threats is further exposing gaps in defenders' visibility. Addressing this concern, Dr. Mark Kuhr, CTO and co-founder of Synack, stated, "PTaaS with integrated Attack Surface Discovery gives organizations a fighting chance against attackers."
Synack's Attack Surface Discovery offering integrates into a cyclical continuous testing process, providing enterprises with the tools to not only uncover their external attack surfaces but also to make this data actionable. The service pairs continuous discovery with comprehensive Pentesting as a Service (PTaaS), offering key benefits such as continuous discovery of new assets, insights that inventory and fingerprint all discovered and tested assets, and tailored user permissions via role-based access controls.
The platform's continuous testing is powered by the Synack Red Team, which consists of over 1,500 trusted security researchers. It provides vulnerability triage, re-testing, and root cause analysis backed by best-in-class engineering and customer support. Dr. Kuhr emphasized the importance of understanding and acting on attack surface data to improve security posture, stating, "Security teams are still struggling to understand their attack surfaces and act on that data to improve their security posture."
As threats evolve, Synack has adapted its offerings to meet the demands of modern software development, including the need to constantly check for new vulnerabilities in AI and large language model (LLM) applications. The U.S. federal sector, with 1,200 current and planned AI use cases, has been noted by the Government Accountability Office as struggling to effectively address AI risks.
To address the complexities of modern enterprise attack surfaces, Synack's expertise extends to generative AI technologies. The company has introduced an offering to test the latest generation of AI/LLM applications in alignment with the OWASP LLM Top 10, ensuring that organizations can stay ahead of potential vulnerabilities in their evolving technological landscape.